Many applications use secure sockets layer (SSL) or transport layer security (TLS) protocols to transmit sensitive information securely. However, developers often provide their own implementation of the standard SSL/TLS certificate validation process. Many of these custom implementations suffer from defects leaving the applications vulnerable to SSL/TLS man-in-the-middle attacks. In this way, attackers can gain access to highly confidential information provided by a user through these vulnerable applications.